Bug#521107: marked as done (unsafe /tmp usage)

To: Luciano Bello <luciano@debian.org>
Subject: Bug#521107: marked as done (unsafe /tmp usage)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 18 Nov 2009 05:12:08 +0000
Message-id: <[🔎] handler.521107.D521107.12585209276678.ackdone@bugs.debian.org>
References: <E1NAcmc-0006KW-67@ries.debian.org> <20090324215025.GC17595@outflux.net>

Your message dated Wed, 18 Nov 2009 05:08:46 +0000
with message-id <E1NAcmc-0006KW-67@ries.debian.org>
and subject line Bug#521107: fixed in xfs 1:1.0.8-6
has caused the Debian Bug report #521107,
regarding unsafe /tmp usage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
521107: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bugs <submit@bugs.debian.org>
Subject: unsafe /tmp usage
From: Kees Cook <kees@debian.org>
Date: Tue, 24 Mar 2009 14:50:25 -0700
Message-id: <20090324215025.GC17595@outflux.net>

Package: xfs
Version: 1:1.0.8-2.1
Severity: normal
Tags: security
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu jaunty

Hello,

There is a bug in the Ubuntu bug tracker about xfs's init script being used
in an unsafe fashion.  It seems that OpenSUSE has solved this as well:

"set_up_socket_dir moves /tmp/.font-unix to /tmp/.font-unix.$$.
Unfortunately $$ is predictable and there is no test, that
/tmp/.font-unix.$$ does not already exist. So especially symlink attacks
are possible. The attack is only possible, if /tmp/.font-unix does not
already exist. Then an attacker could create an /tmp/.font-unix file (not
directory) and create some symlinks in the form /tmp/.font-unix.XXXX (where
XXXX are possible PID numbers). The start script than moves /tmp/.font-unix
to an symlinked directory /tmp/.font-unix.XXXX."

-Kees

[1] https://bugs.launchpad.net/bugs/299560
[2] https://bugzilla.novell.com/show_bug.cgi?id=408006

-- 
Kees Cook                                            @debian.org

--- End Message ---

--- Begin Message ---

To: 521107-close@bugs.debian.org
Subject: Bug#521107: fixed in xfs 1:1.0.8-6
From: Luciano Bello <luciano@debian.org>
Date: Wed, 18 Nov 2009 05:08:46 +0000
Message-id: <E1NAcmc-0006KW-67@ries.debian.org>

Source: xfs
Source-Version: 1:1.0.8-6

We believe that the bug you reported is fixed in the latest version of
xfs, which is due to be installed in the Debian FTP archive:

xfs_1.0.8-6.diff.gz
  to main/x/xfs/xfs_1.0.8-6.diff.gz
xfs_1.0.8-6.dsc
  to main/x/xfs/xfs_1.0.8-6.dsc
xfs_1.0.8-6_i386.deb
  to main/x/xfs/xfs_1.0.8-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 521107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 18 Nov 2009 03:08:34 -0300
Source: xfs
Binary: xfs
Architecture: source i386
Version: 1:1.0.8-6
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description: 
 xfs        - X font server
Closes: 521107
Changes: 
 xfs (1:1.0.8-6) unstable; urgency=low
 .
   * QA upload.
   * Unsafe /tmp usage fixed in the init script. (Closes: #521107)
Checksums-Sha1: 
 81ef70e3fb82ce242f03ce2f55594c1bcb792712 1146 xfs_1.0.8-6.dsc
 f725af155fabe26ffd392ca5909e896f116be355 26679 xfs_1.0.8-6.diff.gz
 90746e84803621908afb40640653bba3858a01cd 83938 xfs_1.0.8-6_i386.deb
Checksums-Sha256: 
 f128934c6096fe8f466a8bcde19cd5d20a541f0f5d814c6a5fdc0aab524e8fe8 1146 xfs_1.0.8-6.dsc
 560a477f0e656b8457e2e75986d7eaa02345c99c48bea4df11b1ed89ead115a5 26679 xfs_1.0.8-6.diff.gz
 e6575137c80e8e1edc72bc2f02bfc20d5f67347385b96b60b4ad8e33f85090ae 83938 xfs_1.0.8-6_i386.deb
Files: 
 925c85b4d6f04ca856cb2d80f40b76f1 1146 x11 optional xfs_1.0.8-6.dsc
 c1689b9eac7ff2d647add06cd1920840 26679 x11 optional xfs_1.0.8-6.diff.gz
 51f249ccaf05f7f700513b1974926fa6 83938 x11 optional xfs_1.0.8-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksDdwgACgkQQWTRs4lLtHllDACgtvH1t7TzOcuwawBk4a4F30+N
A5kAoKkvN1F6/9IOwVaYIUuLuVgxjhv5
=Lqcs
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#521107: s-p-u: security update for xfs package
Next by Date: Processing of gmanedit_0.4.2-3_amd64.changes
Previous by thread: Processing of xfs_1.0.8-6_i386.changes
Next by thread: Processing of gmanedit_0.4.2-3_amd64.changes
Index(es):
- Date
- Thread